Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade go1.21.11 #53830

Closed
hawkingrei opened this issue Jun 5, 2024 · 0 comments · Fixed by #53829
Closed

upgrade go1.21.11 #53830

hawkingrei opened this issue Jun 5, 2024 · 0 comments · Fixed by #53829
Labels
affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. type/enhancement The issue or PR belongs to an enhancement.

Comments

@hawkingrei
Copy link
Member

hawkingrei commented Jun 5, 2024
edited
Loading

Enhancement



Hello gophers,

We have just released Go versions 1.22.4 and 1.21.11, minor point releases.

These minor releases include 2 security fixes following the [security policy](https://go.dev/security):

    archive/zip: mishandling of corrupt central directory record

    The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

    Thanks to Yufan You (@ouuan) for reporting this issue.

    This is CVE-2024-24789 and Go issue https://go.dev/issue/66869.

    net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

    The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for
    IPv4-mapped IPv6 addresses, returning false for addresses which would return
    true in their traditional IPv4 forms.

    Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun Lab
    (@chenjj) for reporting this issue.

    This is CVE-2024-24790 and Go issue https://go.dev/issue/67680.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.4

You can download binary and source distrib
@hawkingrei hawkingrei added the type/enhancement The issue or PR belongs to an enhancement. label Jun 5, 2024
@hawkingrei hawkingrei mentioned this issue Jun 5, 2024
Merged
13 tasks
ti-chi-bot bot pushed a commit that referenced this issue Jun 5, 2024
@hawkingrei
*: upgrade go1.21.11 (#53829)
5086e09 
close #53830
@ti-chi-bot ti-chi-bot mentioned this issue Jun 7, 2024
Merged
13 tasks
@ti-chi-bot ti-chi-bot added affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. labels Jun 7, 2024
@ti-chi-bot ti-chi-bot mentioned this issue Jun 7, 2024
Merged
13 tasks
ti-chi-bot bot pushed a commit that referenced this issue Jun 7, 2024
@ti-chi-bot
*: upgrade go1.21.11 (#53829) (#53884)
340daa3 
close #53830
ti-chi-bot bot pushed a commit that referenced this issue Jun 13, 2024
@ti-chi-bot
*: upgrade go1.21.11 (#53829) (#53885)
1563cc5 
close #53830
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. type/enhancement The issue or PR belongs to an enhancement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

*: upgrade go1.21.11 hawkingrei/tidb
2 participants
@hawkingrei @ti-chi-bot